Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[SCTP]: Add check for hmac_algo parameter in sctp_verify_param()

RFC 4890 has the following text:

The HMAC algorithm based on SHA-1 MUST be supported and
included in the HMAC-ALGO parameter.

As a result, we need to check in sctp_verify_param() that HMAC_SHA1 is
present in the list. If not, we should probably treat this as a
protocol violation.

It should also be a protocol violation if the HMAC parameter is empty.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Wei Yongjun and committed by David S. Miller
72da7b38 e56cfad1

+26 -3
net/sctp/sm_make_chunk.c
··· 1982 1982 struct sctp_chunk *chunk, 1983 1983 struct sctp_chunk **err_chunk) 1984 1984 { 1985 + struct sctp_hmac_algo_param *hmacs; 1985 1986 int retval = SCTP_IERROR_NO_ERROR; 1987 + __u16 n_elt, id = 0; 1988 + int i; 1986 1989 1987 1990 /* FIXME - This routine is not looking at each parameter per the 1988 1991 * chunk type, i.e., unrecognized parameters should be further ··· 2059 2056 break; 2060 2057 2061 2058 case SCTP_PARAM_HMAC_ALGO: 2062 - if (sctp_auth_enable) 2063 - break; 2064 - /* Fall Through */ 2059 + if (!sctp_auth_enable) 2060 + goto fallthrough; 2061 + 2062 + hmacs = (struct sctp_hmac_algo_param *)param.p; 2063 + n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2064 + 2065 + /* SCTP-AUTH: Section 6.1 2066 + * The HMAC algorithm based on SHA-1 MUST be supported and 2067 + * included in the HMAC-ALGO parameter. 2068 + */ 2069 + for (i = 0; i < n_elt; i++) { 2070 + id = ntohs(hmacs->hmac_ids[i]); 2071 + 2072 + if (id == SCTP_AUTH_HMAC_ID_SHA1) 2073 + break; 2074 + } 2075 + 2076 + if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2077 + sctp_process_inv_paramlength(asoc, param.p, chunk, 2078 + err_chunk); 2079 + retval = SCTP_IERROR_ABORT; 2080 + } 2081 + break; 2065 2082 fallthrough: 2066 2083 default: 2067 2084 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
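
Review bot: in the declarations hunk, the initialiser in "__u16 n_elt, id = 0;" is load-bearing and undocumented. It is the only thing that makes an empty HMAC-ALGO list fail the later "id != SCTP_AUTH_HMAC_ID_SHA1" test, and that holds only as long as SCTP_AUTH_HMAC_ID_SHA1 is never 0. The "not found" condition also depends on id keeping the last list entry after the loop. An explicit found flag, or testing i == n_elt after the loop, would state the intent directly and would cover the empty-parameter case from the commit message without relying on the initial value.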
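
Review bot: in the SCTP_PARAM_HMAC_ALGO hunk, n_elt is derived from the peer-supplied length with no lower bound visible here. In "(ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1" the subtraction is unsigned, so a length smaller than the header would wrap, and the result truncated into the __u16 n_elt could become a large count that drives the hmac_ids[i] loop past the end of the parameter. If an earlier parameter walk already guarantees that length is at least sizeof(sctp_paramhdr_t) and lies within the chunk, a short comment saying so would help; otherwise check the length before computing n_elt. Two smaller points: the shift silently ignores a trailing odd byte, and the failure is reported through sctp_process_inv_paramlength() although the problem is a missing SHA-1 identifier rather than a bad length, so the error cause sent to the peer may be misleading.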